1. Lesson Title: Hacking RFID and other RF devices Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas http://rfidsecurity.uark.edu 1 This material is based upon work supported by the National Science Foundation under Grant No. DUE-0736741. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF). Copyright © 2008 by Dale R. Thompson {d.r.thompson@ieee.org}

2. Hacking Cryptographically-Enabled RFID Device Team at Johns Hopkins University reverse engineer Texas Instrument’s Digital Signature Transponder – Paid for gas with cloned RFID tag – Started car with cloned RFID tag Lessons – Security by obscurity does not work – Use standard cryptographic algorithms with sufficient key lengths http://rfidsecurity.uark.edu/

3. RFDump Open source software tool for RFID ISO-15693 and ISO-14443 readers (13.56 MHz) – Read/write data on RFID tags – Integrated cookie feature Add cookie to tag and automatically increment counter when tag is in range of reader Track number of times shopper enters reader field or picks up item – www.rf-dump.org http://rfidsecurity.uark.edu/

4. E-Passport Hacking Self-signed passport passes passport self scan in Amsterdam Airport in Sep. 2008 http://rfidsecurity.uark.edu 4 http://freeworld.thc.org/thc-epassport/

5. RFID Virus M. R. Rieback, B. Crispo, and A. S. Tanenbaum, “Is your cat infected with a computer virus?,” in Proc. IEEE Int’l. Conf. Pervasive Computing and Communications (PerCom), Pisa, Italy, Mar. 13-17, 2006. More to do with attack against RFID middleware software than RFID – SQL injection attack – Buffer overflow attack http://rfidsecurity.uark.edu/

6. Hacking an Implantable Cardioverter Defibrillator (ICD) Hacking RF devices can be serious! Reverse engineered Read patient information such as name and diagnosis Forced ICD to perform electrical shock! D. Halperin, et al., 2008 http://www.secure- medicine.org/icd-study/icd- study.pdf http://rfidsecurity.uark.edu 6

7. Contact Information Dale R. Thompson, Ph.D., P.E. Associate Professor Computer Science and Computer Engineering Dept. JBHT – CSCE 504 1 University of Arkansas Fayetteville, Arkansas 72701-1201 Phone: +1 (479) 575-5090 FAX: +1 (479) 575-5339 E-mail: d.r.thompson@ieee.org WWW: http://comp.uark.edu/~drt/ http://rfidsecurity.uark.edu 7

8. Copyright Notice, Acknowledgment, and Liability Release Copyright Notice – This material is Copyright © 2008 by Dale R. Thompson. It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder. Acknowledgment – These materials were developed through a grant from the National Science Foundation at the University of Arkansas. Any opinions, findings, and recommendations or conclusions expressed in these materials are those of the author(s) and do not necessarily reflect those of the National Science Foundation or the University of Arkansas. Liability Release – The curriculum activities and lessons have been designed to be safe and engaging learning experiences and have been field-tested with university students. However, due to the numerous variables that exist, the author(s) does not assume any liability for the use of this product. These curriculum activities and lessons are provided as is without any express or implied warranty. The user is responsible and liable for following all stated and generally accepted safety guidelines and practices. http://rfidsecurity.uark.edu 8